iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.

The old stable distribution (woody) does not contain libapache2-mod-auth-pgsql.

For the stable distribution (sarge) this problem has been fixed in version 2.0.2b1-5sarge0.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your libapache2-mod-auth-pgsql package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: